Deprecate -s flag and add --ed-key-file option to generate_appcast

[zorgiepoo]

Passing a raw secret to command line argument (even when using a 'secret' environment variable) is discouraged and unsafe. After reading up several sources online, it's recommended to pass such a secret that CI platforms may provide as standard input to the program, using a built-in like echo.

So we deprecate the -s flag in sign_update and generate_appcast, add a --ed-key-file option to generate_appcast that takes a file just like sign_update -f (or --ed-key-file now), and interpret - as the standard input file to read the key from.

I'm pretty certain now this is the right way forward but I'll leave this PR open a bit in case anyone wants to chime in.

As our documentation generally recommends using the keychain which is the default path for these tools, I don't think we need to update any website documentation (edit: I should update the migration page). The help pages for these tools will be updated.

Fixes #2168

Misc Checklist

• My change requires a documentation update on Sparkle's website repository
• My change requires changes to generate_appcast, generate_keys, or sign_update

Only bug fixes to regressions or security fixes are being backported to the 1.x (master) branch now. If you believe your change is significant enough to backport, please also create a separate pull request against the master branch.

Testing

I tested and verified my change by using one or multiple of these methods:

• Sparkle Test App
• Unit Tests
• My own app
• Other (please specify)

For sign_update and generate_appcast tested that:

• --ed-key-file path-to-file works
• --ed-key-file - works
• -s still works and prints deprecation warning to stderr for sign_update, and to stdout for generate_appcast

macOS version tested: 12.4 (21F79)

[jeremyhu]

Thanks.